CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2008 (Directory Traversal)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5794 22 1 Dir. Trav. 2008-12-31 2009-01-29
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
2 CVE-2008-5792 94 1 Exec Code Dir. Trav. File Inclusion 2008-12-31 2009-03-13
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
3 CVE-2008-5787 22 1 Dir. Trav. 2008-12-31 2009-01-29
5.4
None Remote High Not required Complete None None
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
4 CVE-2008-5776 22 1 Dir. Trav. File Inclusion 2008-12-30 2008-12-31
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
5 CVE-2008-5771 22 1 Dir. Trav. 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
6 CVE-2008-5752 22 1 Dir. Trav. 2008-12-30 2009-01-29
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
7 CVE-2008-5748 22 1 Dir. Trav. 2008-12-29 2009-01-29
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
8 CVE-2008-5728 22 1 Dir. Trav. 2008-12-26 2009-01-29
5.1
None Remote High Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.
9 CVE-2008-5723 22 Dir. Trav. 2008-12-26 2009-08-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors.
10 CVE-2008-5658 22 Dir. Trav. 2008-12-17 2009-10-31
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
11 CVE-2008-5645 22 Dir. Trav. 2008-12-17 2009-03-13
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request.
12 CVE-2008-5642 22 1 Dir. Trav. 2008-12-17 2009-08-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
13 CVE-2008-5639 22 1 Dir. Trav. 2008-12-17 2009-01-29
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
14 CVE-2008-5604 22 1 Dir. Trav. 2008-12-16 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
15 CVE-2008-5598 22 1 Dir. Trav. 2008-12-16 2009-01-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
16 CVE-2008-5594 22 1 Dir. Trav. 2008-12-16 2009-05-14
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
17 CVE-2008-5593 22 1 Dir. Trav. 2008-12-16 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
18 CVE-2008-5587 22 1 Dir. Trav. 2008-12-16 2014-05-15
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
19 CVE-2008-5579 22 1 Dir. Trav. 2008-12-15 2009-01-29
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.
20 CVE-2008-5570 22 1 Dir. Trav. 2008-12-15 2009-03-18
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
21 CVE-2008-5418 22 1 Dir. Trav. 2008-12-10 2009-01-29
5.1
User Remote High Not required Partial Partial Partial
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
22 CVE-2008-5315 22 Dir. Trav. 2008-12-03 2009-08-12
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
23 CVE-2008-5301 22 Dir. Trav. 2008-12-01 2009-10-01
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
24 CVE-2008-5291 22 1 Exec Code Dir. Trav. 2008-12-01 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
25 CVE-2008-5275 22 Exec Code Dir. Trav. 2008-11-28 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
26 CVE-2008-5272 22 1 Dir. Trav. 2008-11-28 2009-01-29
4.0
None Remote Low Single system Partial None None
Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php.
27 CVE-2008-5265 22 1 Dir. Trav. 2008-11-28 2009-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.
28 CVE-2008-5217 22 1 Dir. Trav. 2008-11-24 2009-04-17
5.1
None Remote High Not required Partial Partial Partial
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
29 CVE-2008-5209 22 1 Dir. Trav. 2008-11-24 2009-04-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
30 CVE-2008-5207 22 Dir. Trav. 2008-11-21 2008-11-24
6.8
User Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
31 CVE-2008-5204 22 1 Exec Code Dir. Trav. 2008-11-21 2009-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
32 CVE-2008-5201 22 1 Dir. Trav. File Inclusion 2008-11-21 2009-08-20
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
33 CVE-2008-5175 22 Dir. Trav. 2008-11-19 2009-04-14
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
34 CVE-2008-5171 22 1 Dir. Trav. 2008-11-19 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
35 CVE-2008-5116 22 Dir. Trav. 2008-11-17 2009-08-13
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.
36 CVE-2008-5062 22 1 Dir. Trav. 2008-11-13 2009-03-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
37 CVE-2008-4913 22 1 Dir. Trav. 2008-11-03 2009-01-29
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
38 CVE-2008-4894 22 Dir. Trav. 2008-11-03 2012-10-24
5.1
User Remote High Not required Partial Partial Partial
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.
39 CVE-2008-4875 22 1 Dir. Trav. 2008-11-01 2009-08-25
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
40 CVE-2008-4797 22 Dir. Trav. 2008-10-30 2008-11-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.
41 CVE-2008-4781 22 1 Dir. Trav. 2008-10-29 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
42 CVE-2008-4780 22 1 Dir. Trav. 2008-10-29 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
43 CVE-2008-4773 22 1 Dir. Trav. 2008-10-28 2009-01-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
44 CVE-2008-4769 22 Dir. Trav. 2008-10-28 2009-08-26
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
45 CVE-2008-4764 22 1 Dir. Trav. 2008-10-27 2012-07-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
46 CVE-2008-4759 22 1 Dir. Trav. 2008-10-27 2009-01-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
47 CVE-2008-4758 22 1 Dir. Trav. 2008-10-27 2009-01-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
48 CVE-2008-4741 22 Dir. Trav. 2008-10-27 2009-09-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
49 CVE-2008-4740 22 1 Dir. Trav. 2008-10-27 2009-08-20
5.1
User Remote High Not required Partial Partial Partial
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter.
50 CVE-2008-4739 22 1 Dir. Trav. 2008-10-24 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.
Total number of vulnerabilities: 363. Page 1 of 8.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.